From mboxrd@z Thu Jan 1 00:00:00 1970
From: Paul Frieden
Subject: Re: Too many ARP entries and Re: sendto: No buffer space available
Date: Tue, 03 Dec 2002 21:09:26 -0600
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <3DED71E6.80807@mail02.1to1service.com>
References: <571705138.20021202111645@pobox.com> <14127620470.20021202182836@pobox.com> <1038920934.8888.4.camel@elendil.intranet.cartel-securite.net> <875890239.20021203122724@pobox.com> <20021203175451.J14289@funkyjesus.org>
To: Netfilter Mailing List

Is your default gateway configured? It sounds like your router is running
proxy arp. If you have the default route set to an interface, but without a
gateway IP, it will arp to find the IP. Since the Cisco by default has
proxy-arp enabled, it will reply that the IP address is accessible via its
own MAC address. If you set your default gateway correctly, it should
resolve the issue.

Paul

Nick Drage wrote:
> On Tue, Dec 03, 2002 at 12:27:24PM -0200, andre.correa@pobox.com wrote:
>
>>root@linuxbox:~# tcpdump -i eth1 | grep arp
>>tcpdump: listening on eth1
>>Dec 3 11:16:52 linuxbox kernel: device eth1 entered promiscuous mode
>
>>11:17:10.390134 arp reply 204.152.184.64 is-at 0:2:b9:1d:db:41
>>11:17:10.640043 arp who-has 200.225.157.104 tell linuxbox
>>11:17:10.640967 arp reply 200.225.157.104 is-at 0:2:b9:1d:db:41
>>11:17:10.689240 arp who-has 200.225.157.165 tell linuxbox
>>11:17:10.690768 arp reply 200.225.157.165 is-at 0:2:b9:1d:db:41
>>11:17:10.893170 arp who-has 200.225.157.163 tell linuxbox
>>11:17:10.894088 arp reply 200.225.157.163 is-at 0:2:b9:1d:db:41
>>11:17:10.980746 arp who-has 200.225.157.167 tell linuxbox
>>11:17:10.981714 arp reply 200.225.157.167 is-at 0:2:b9:1d:db:41
>>11:17:11.504255 arp who-has a.gtld-servers.net tell linuxbox
>>11:17:11.505926 arp reply a.gtld-servers.net is-at 0:2:b9:1d:db:41
>>
>>2183 packets received by filter
>>0 packets dropped by kernel
>>
>>We see my linux box asking for MAC addresses of hosts outside
>>its "local" network and my gateway, a Cisco 2621 answering those
>>broadcasts with its own MAC address.
>
> Yes, very peculiar. Your linuxbox appears to think the Internet is one big
> switched network :)
>
> What does
>
> netstat -rn give you?
>
>>For what I know, both are doing wrong. My box is not supposed to ask
>>for those MACs and the Cisco is not supposed to answer.
>
> Yes. Weren't you using PPPoE or similar? Not familiar with that at all but
> that might be related.
>
>>Has anybody seen these before or have any ideas what would cause
>>it?
>
> Out of interest, where have you looked for answers to this problem?
> Looking for overflowing arp tables via www.google.com or similar might give
> you the answers you need.
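
The two checks discussed in this thread, as an added example that is not part of the original messages: group the quoted tcpdump ARP replies by answering MAC to spot a proxy-ARP responder, and look for a default route that has no gateway IP. The `netstat -rn` sample is constructed, and the function names and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# ARP lines copied from the tcpdump capture quoted in the message above.
CAPTURE = """\
11:17:10.390134 arp reply 204.152.184.64 is-at 0:2:b9:1d:db:41
11:17:10.640043 arp who-has 200.225.157.104 tell linuxbox
11:17:10.640967 arp reply 200.225.157.104 is-at 0:2:b9:1d:db:41
11:17:10.689240 arp who-has 200.225.157.165 tell linuxbox
11:17:10.690768 arp reply 200.225.157.165 is-at 0:2:b9:1d:db:41
11:17:10.893170 arp who-has 200.225.157.163 tell linuxbox
11:17:10.894088 arp reply 200.225.157.163 is-at 0:2:b9:1d:db:41
11:17:10.980746 arp who-has 200.225.157.167 tell linuxbox
11:17:10.981714 arp reply 200.225.157.167 is-at 0:2:b9:1d:db:41
11:17:11.504255 arp who-has a.gtld-servers.net tell linuxbox
11:17:11.505926 arp reply a.gtld-servers.net is-at 0:2:b9:1d:db:41
"""

# Constructed `netstat -rn` output (not from the thread): the default route
# on eth1 points at the interface only, with gateway 0.0.0.0.
ROUTES = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 eth1
"""

REPLY = re.compile(r"arp reply (\S+) is-at ([0-9a-fA-F:]+)")

def claims_by_mac(capture):
    """Map each replying MAC to the set of addresses it claimed."""
    claims = defaultdict(set)
    for line in capture.splitlines():
        m = REPLY.search(line)
        if m:
            claims[m.group(2).lower()].add(m.group(1))
    return dict(claims)

def proxy_arp_suspects(capture, threshold=3):
    """MACs that answered for at least `threshold` distinct addresses."""
    return {mac: ips for mac, ips in claims_by_mac(capture).items()
            if len(ips) >= threshold}

def onlink_default_routes(netstat_rn):
    """Interfaces whose default route (0.0.0.0/0) has no gateway IP."""
    rows = (line.split() for line in netstat_rn.splitlines())
    return [f[-1] for f in rows if len(f) >= 8 and f[:3] == ["0.0.0.0"] * 3]
```
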